Original Post — Direct link
about 4 years ago - /u/Mod_Stevew - Direct link

In this situation, recovering the account is the only way to set a new email and pass, and then disable Auth via the new email address. When a recovery attempt is denied they should indicate the reasons and information that needs to be improved.

If the deny response comes very quickly, that means the information is so weak that it hasn't even passed a very basic security check - that can happen if you are trying to recover the wrong account. If the response takes a little longer then it is good news, it means it has passed basic checks but is still not quite enough to be granted.

Focus on info that only the owner is likely to know, creation ISP, location, billing history, contact emails, contact postcodes, bill payers names and so on ... and always try to give the OLDEST information you can recall. If you can, avoid giving information that is known to a hijacker, for example the password that the hijacker knows. Submit the recovery request from the device and connection that you most commonly used to access the account in the past if you can.